-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 09 February 2004.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-20 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [X] Claim(s) 10-20 is/are allowed.

6) [X] Claim(s) 1, 2, 4 and 9 is/are rejected.

7) [X] Claim(s) 3, 5-8 is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 2/9/04 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c)^ None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
Examiner's Detailed Office Action



1. This Office is responsive to application 10/774,620, filed February 9, 2004. 

2. Claims 1-20 have been examined.

Objections to the Claims 

3. Claim 4 is objected to because of the following informalities: In Claim 4 "potion" should be --portion--.

Claim 5 "method of claim 5" should reference some other method above claim 5.
Examiner assumes "method of claim 1".

Appropriate correction is required. 



Claim Rejections - 35 USC § 102 



4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
5. Claims 1, 2, 4 are rejected under 35 U.S.C. 102(b) as being anticipated by Wack et al, "NIST
Special Publication X-X, Guide to Firewall Selection and Policy Recommendations", 2001.

Regarding claim 1. Wack et al teach a method of filtering data in a computer network (see pp.
3-16, §2.1. General Introduction to Firewall Technology); the method comprising: receiving data
in a first computer (see p. 6, §2.2. Packet Filter Firewalls, "Packet filter firewalls are essentially
routing devices that include access control functionality for system addresses and
communication sessions. The access control functionality of a packet filter firewall is governed
by a set of directives collectively referred to as a rulebase.", Examiner interprets a "packet filter
firewall" to be a first computer and a packet to be data.); scanning the data (see p. 7, para. 3,
"The packet filter, referred to as a boundary router, can block certain attacks, possibly filter
unwanted protocols, perform simple access control,", Examiner interprets filtering unwanted
protocols to comprise scanning the packet header data.) against at least a portion of a
knowledge base (see p. 9, Figure 2.5: Sample Packet Filter Firewall Rulebase, Examiner
interprets a "rulebase" to be a knowledge base.) in the first computer;

forwarding the data to a second computer over a computer network (see p. 7, "The packet filter,
referred to as a boundary router, can block certain attacks, possibly filter unwanted protocols,
perform simple access control, and then pass the traffic onto other firewalls that examine higher
layers of the OSI stack.", Examiner interprets "application-proxy gateway firewall" to be a
second computer.); and scanning the data against at least a portion of a knowledge base in the
second computer, the portion of the knowledge base in the second computer including
information not present in the portion of the knowledge base in the first computer (see p. 13,
"Each individual application-proxy, also referred to as a proxy agent, interfaces directly with the
firewall access control rulebase to determine whether a given piece of network... traffic should
be permitted to transit the firewall. In addition to the rulebase, each proxy agent has the ability to
require authentication of each individual network user.", Examiner interprets "authentication"
to comprise: User ID and Password, Hardware or Software Token, Source Address, and
Biometric data; which is not present in the portion of the knowledge base in the first computer.).

Regarding claim 2. Wack et al teach the method of claim 1 wherein the knowledge base in the
first computer is a subset of the knowledge base in the second computer (see p. 13, "Each
individual application-proxy, also referred to as a proxy agent, interfaces directly with the
firewall access control rulebase to determine whether a given piece of network... traffic should
be permitted to transit the firewall." Examiner interprets the direct interface to the firewall
access control rulebase to provide the application-proxy direct access to the entire access
control rulebase. Since a set is its own subset, the firewall's rulebase is a subset of the
application-proxy's rulebase.).

Regarding claim 4. Wack et al teach the method of claim 1 further comprising:
in the first computer, determining a designated destination computer of the data, and wherein the
portion of the knowledge base in the first computer is selected based on a resource capacity of the
destination computer (see p. 9, Figure 2.5: Sample Packet Filter Firewall Rulebase, "[Any| Any|
192.168.1.2| SMTP (25)| Allow| Allow External Users to send Email in]". Examiner interprets
"Allow External Users to send Email in" to be a resource of 192.168.1.2.).

Regarding claim 9. Wack et al teach the method of claim 1 wherein the data comprise a file (see
p. 10, "An organization could choose to restrict the types of traffic originating from
within the organization, such as blocking all outbound FTP traffic." Examiner asserts that FTP
traffic consists of FTP file data.).

Allowable Subject Matter 

6. Claims 3 and 5-8 are objected to as being dependent upon a rejected base claim, but would be
allowable if rewritten in independent form including all of the limitations of the base claim and
any intervening claims.

Reasons For Allowance 

7. The following is an examiner's statement of reasons for allowance: 

Claims 10-17 are allowed as the best reference, Wack et al, teach a system comprising: a
content filtering system in a first computer (see p. 14, §2.5 Dedicated Proxy Servers), but do not
teach a system where: there is a content filtering agent in a second computer, the second
computer being the destination computer of the incoming data; the content filtering system
being configured to determine a destination computer of an incoming data and to scan the
incoming data against a knowledge base in the first computer based on a resource capacity of the
destination computer or the content filtering agent being configured to scan the incoming data
against a knowledge base in the second computer based on an amount of scanning performed by
the content filtering system on the incoming data in the first computer.

Claims 18-20 are allowed as the best reference, Wack et al, teach a system comprising: A
method of detecting viruses in an incoming data (see §2.5 Dedicated Proxy Servers, p. 15, "Virus
scanning and removal"), the method comprising: comparing a content of an incoming data
against a first set of virus patterns in a pattern file in a first computer serving as a gateway
security node (see §2.5 Dedicated Proxy Servers, p. 15, para. 2, Examiner interprets gateway
security to comprise enforcing "user authentication requirements as well as other filtering and
logging on any traffic".); and forwarding the incoming data to a second computer (see p. 15,
para. 1, "The proxy server would perform filtering or logging operations on the traffic and then
forward it to internal systems (or another firewall)."). However, Wack et al, do not teach a
system comprising: comparing the content of the incoming data against a second set of virus
patterns in a pattern file in a second computer, the second set of virus patterns including virus
patterns that are different from that in the first set of virus patterns.

Any comments considered necessary by applicant must be submitted no later than the payment 
of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. 
Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 



Application/Control Number: 10/774,620 
Art Unit: 2121 

Correspondence Information 



Any inquiry concerning this communication or earlier communications from the examiner
should be directed to Nathan H. Brown, Jr. whose telephone number is 571-272-8632. The
examiner can normally be reached on M-F 0830-1700. If attempts to reach the examiner by
telephone are unsuccessful, the examiner's supervisor, Anthony Knight can be reached on
571-272-3687. The fax phone number for the organization where this application or proceeding is
assigned is 703-872-9306. Information regarding the status of an application may be obtained
from the Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR. Status
information for unpublished applications is available through Private PAIR only. For more
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions
on access to the Private PAIR system, contact the Electronic Business Center (EBC) at
866-217-9197 (toll-free).




Supervisory Patent Examiner 



Tech Center 2100



Nathan H. Brown, Jr. 
May 3, 2006 



